Why are people so against paying for IT Support?

/in , , /by

I’d be rich if I had a $5 dollar bill (inflation) every time I heard:

  • “My son/daughter/niece/nephew (pick one) who is only 2/4/6/8 (pick one) years old was able to solve my computer problem; why do I need you?”
  • Lisa, a senior VP in our marketing department, handles our IT.”
  • “I’m moving to the Cloud, so I won’t need IT support.”
  • “I looked up the answer on Google; it was easy to fix.”

Sure, anyone with technical interest and aptitude can address IT-support issues, particularly those at the lower, end-user level (comprised of printers, computers, and mobile devices).  Many organizations have that one Lisa/Joe/Patty who helps with IT-support issues (in addition to working their full-time job) or is the dedicated IT resource within the organization; they feel it is cost-effective to have an internal IT person or an IT department, often citing the need for a warm body onsite who can respond instantly, particularly when the President can’t sync her iPhone.

However, IT is a complex field with many moving parts; it is difficult to be proficient, let alone expert, in all areas.  For example:

  • Lisa designed the computer network to be reliable, secure, and robust, but is overqualified (and not cost-effective) helping someone print a document.
  • Joe can change toners, but does not know what to do when the Internet is down; especially troublesome when your primary application is Cloud-based.
  • Patty configures Windows desktop computers and iPhones for employees, but cannot verify that the firewall is doing its job.

Basically, IT is a multi-facet discipline; successful IT support personnel have:

  • An understanding of the components (desktop computers, mobile devices, servers, firewalls, routers, Cloud, etc.) and their interdependencies.
  • A step-by-step troubleshooting mentality that works well under pressure.
  • A willingness to stay current with constantly changing and emerging topics.

IT is an expense, but also an enabler; it is usually fundamental to an organization’s success, often representing an opportunity to get ahead of a less-savvy competitor.  Given the breadth of technology options and the potential to develop new business or reduce costs, more organizations trust (and outsource) their critical IT functions to a Managed IT Services Provider (MSP) or a Total IT Services Provider (TSP).

Truly effective MSP/TSP companies are dedicated to remaining IT savvy while focused on the business requirements and concerns of their clients.  These companies share similar characteristics:

  • A broad, experienced service team with varying levels of competence:
    • Technician (Level-1) – End-user oriented and experienced in the devices common to end-users: Mobile devices, PCs, MACs, printers, scanners, and the like.  They should work well with others, be experienced in end-user operating systems (Microsoft Windows, Google Android, MAC iOS), and have excellent troubleshooting skills.
    • Engineer (Level-2) – Network-device oriented and experienced in Cloud, servers, virtualization, Ethernet switches, firewalls, routers, Wireless Access Points, and other network devices. They must be good troubleshooters and understand network-level IT components.
    • Consultant (Level-3) – Implementers of Cloud-based solutions and local and wide-area networks. Social skills are expected; business skills are a must.
    • Chief Technical Officers (God-level) – Architects of Cloud-based/ hybrid-Cloud solutions and wide area networks. They must understand the technical functionality of all of the moving parts, while keeping the business needs and consequences in clear focus.
  • A proven, capable management team that can focus technicians, engineers, and consultants on the tasks at hand while preparing them, skill-wise, for an ever-changing world.
  • A defined set of business-oriented processes designed to manage, optimize, and secure (coincidently, Manage ● Optimize ● Secure is our tagline) their client’s network environments. These processes are not static, but tend to be ever-evolving and striving toward proactive automation and perfection.

In sum:

  • IT is a complex, changing discipline of multiple levels,
  • IT can enable new opportunities or reduce costs,
  • IT can make or break an organization, and
  • MSPs/TSPs can maximize your IT potential!

If you are looking for a business partner to help you navigate the ever-changing technology and cybersecurity landscape, we’re here for you. For more information about Bryley’s full array of Managed IT Services, Managed Cloud Services, and Cybersecurity Services please contact us at 978.562.6077 or by email at ITExperts@Bryley.com.

Lights…Camera…Action!

/in /by

Main Street in Hudson was quite busy with production and film crews working hard from the early morning hours until late in the evening for a few days in early May. During the filming of an upcoming movie starring David Spade, in “Who Do You Think Would Win”, downtown Hudson was bustling with excitement – and all the action was just a few doors away from Bryley Systems.

What you need to know about the “WannaCry” Attack

/in , , , /by

On Friday, we learned that hackers had exploited malicious software stolen from the National Security Agency (NSA) and held many organizations’ data ransom. As of this morning, it is estimated that this cyberattack was felt by approximately 200,000 organizations in 150 countries including Britain’s hospital network, Germany’s national railway, “computers that run factories, banks, government agencies and transport systems in scores of countries, including Russia, Ukraine, Brazil, Spain, India and Japan, among others… Russia’s Interior Ministry and companies including Spain’s Telefonica and FedEx Corp. in the U.S.”1

While the exact scope of the damage is not fully known, it does appear to be the largest cyberattack on record. These cybercriminals demanded $300 in the beginning and later increased it to $600 before destroying the files hours after that.1 While the ransom amount won’t necessarily bankrupt a company, it is also no guarantee that a company will have its data returned or unlocked, which can have more dire consequences.

There are several steps you can take to avoid becoming the next victim:

  • Immediately update both desktop and Windows systems with the Microsoft patch MS17-010.
  • Do not open links sent from unknown sources. If you need to open a link, scan it for malware first.
  • Backup your files. It is always a wise decision to regularly backup your files to ensure your business can continue to function.
  • Keep your systems up-to-date. It is vital to check for updates on your machines to catch any vulnerabilities and perform patch updates.
  • Educate your users. They are the first line of defense against an attack so it is imperative that they are able to identify potential phishing scams and fraudulent emails.

These are but a few of the “Best Practices” that can be employed to safeguard your data and business. If you’re ready to protect your organization, it pays to work with a Managed IT Services/Managed Cloud Services company, like Bryley Systems, to ensure that you’re taking the right steps. Bryley will recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss.

Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

 

  1. Associated Press. “Monday morning blues as ‘WannaCry’ hits at workweek’s start.” May 2017.
  2. New York Times “Hackers Hit Dozens of Countries Exploiting Stolen N.S.A. Tool.” May 2017.

Team Bryley to participate in the Boston Brain Tumor Ride

/in , , , /by

On Sunday, May 21st, a few Bryley employees will ride in a family-friendly bike ride to help find a cure for brain tumors. Brain tumors are the leading cause of cancer-related deaths in children 0-141. By participating in the Boston Brain Tumor Ride, Bryley employees are taking a stand in the fight against brain tumors.

Bryley’s own Jessica Giunta, Marketing Specialist, has been an active committee member assisting with numerous events and fundraising efforts for the National Brain Tumor Society since 2014.

1 American Brain Tumor Association

What Can we Learn from the Netflix Leak?

/in , , , , /by

Netflix was in the news recently for a mishap with its production company. A cybercriminal that goes by the name “thedarkoverlord” was able to breach postproduction company Larson Studios, and has claimed to have “stolen unreleased content from ABC, Fox, National Geographic and IFC.”1 After Netflix refused to pay the ransom, the cybercriminals released the first 10 episodes of Season 5 of “Orange Is The New Black” on Friday, April 28th via Twitter. When they did not receive the desired response (payment), the released the remaining nine episodes of the season the following day.1

This is the latest high-profile breach in the past year (LinkedIn, Twitter, IRS just to name a few). According to a report published by Verizon, ransomware attacks have “increased in the past five years and were up 50 percent in 2016 compared with 2015…”1

This breach is a reminder to stay vigilant and maintain your safeguards. Here are some tips on how to avoid finding yourself in this type of predicament:

  1. Create a Firewall. While most operating systems come with their own firewalls, they are typically only designed to protect one machine. To protect yourself from attacks and malware, it is best to invest in a network firewall.
  2. Encrypt Your Data. A firewall is considered the first line of defense, encrypting your data provides that extra layer of security. You do not want them to be able to through the firewall and have easy access to your proprietary information.
  3. Have Policies in Place. You can have all the devices and systems in place, but if your employees are not well-versed in their roles of protecting the data, all your effort will be for not. Instead, make sure employees know how to treat the data and the steps they need to take to avoid any potential issues. One of the core policies that should be implemented is a password policy. Employees should be prompted to change their password a minimum of every 90 days (less depending upon your industry). Passwords should be complex and include numbers, letters, and symbols.
  4. Have a regular review of your infrastructure. You go to the doctor for regular checkups, you should do the same for your company’s infrastructure. It can often be difficult to do on your own as you may not have all the knowledge and expertise or the bandwidth to conduct a proper evaluation. Do not be afraid to ask an MSP, such as Bryley, to conduct a network assessment and evaluate your infrastructure. They have expertise and breadth of knowledge that will prove valuable and can highlight what you are doing well and areas where you can improve.

If you would like to improve your cybersecurity plan, or to inquire about Bryley’s full array of our Managed Cloud Services and Managed IT Services, please contact us at 844.449.8770 or by email at ITExperts@Bryley.com. We’re here for you.

 

1 Perlroth, Nicole and Matthew Haag. Hacker Leaks Episodes From Netflix Show and Threatens Other Networks. 29 April 2017.
http://www.cbsnews.com/news/irs-identity-theft-online-hackers-social-security-number-get-transcript/
http://www.cnbc.com/2017/03/15/turkey-twitter-accounts-hacked-germany-netherlands-nazis-forbes.html
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/

Beware!! Google Docs Phishing Scam

/in , , , , /by

If you recently received an email asking you to open a Google Docs, and you don’t know the sender, don’t open it! Chances are, this is a phishing email designed to have you click on a link and gain access to your information.

The email looks similar to a true Google invitation, but there are key differences.

The bogus email does not provide the name of the shared document and lacks the Google Docs icon.

The real email includes the name of the document, with the Google Docs icon .

Google is aware of this issue and issued a statement Wednesday saying, “We’ve removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail.”

We all face the grueling task of trying to manage our email. While email is a very convenient mode of communication and most of it is genuine, knowing the signs of phishing emails will prevent you from unleashing a disaster.

When in doubt, don’t click! Contact your IT administrator. And remember, legitimate organizations will never ask you to disclose personal data via email.

For more information, please see “Recommended Practices – Part 4: Email Use” in the November 2014 edition of Bryley Information and Tips (BITs).

Read this case study about a particularly vicious attack that Bryley remediated.

Bryley Systems specializes in protecting you from malware. Contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you.

Interested in more security news? 

Sign up for our monthly newsletter to receive the latest cybersecurity updates right in your inbox!

Newsletter Signup

WRCC Ambassadors On The Move

/in , , /by

The Worcester Regional Chamber of Commerce (WRCC) Ambassadors visited the Worcester County Food Bank (WCFB) Wednesday, April 5th; many brought donations, but all were there to learn about the WCFB, its purpose, and its partnership with the WRCC.

The WCFB’s mission is “To engage, educate and lead Worcester County in creating a hunger-free community.” As one of four regional centers across Massachusetts, the WCFB last year distributed 6.3 million pounds of food to 128 partner agencies, which provided 5.3 million meals to 89,000 people in need throughout the 60 cities and towns of Worcester County.

 

The WRCC partners with the WCFB through the Worcester Regional Food Hub, a Commercial Kitchen Incubator to enhance and support food-producer networks, workforce-development programs, and local small businesses.

Our tour of the clean, 37,000 square foot warehouse was conducted by Jean McMurray, Executive Director, who described their efforts to keep a stable, continuous supply of food while advocating for the elimination of hunger in Worcester County.

Gavin Livingstone, Chair of the WRCC Ambassador Committee, and Cathy Livingstone, WCFB Board of Directors member – joint-owners of Bryley Systems Inc. – organized and attended this event.

5 Steps to Avoid Ransomware

/in , , , /by

Coffee in hand, you’re preparing to read through your new emails as you start your day. You anticipate a productive day today. Yesterday you stayed 3 hours late to complete your big presentation, 2 days ahead of schedule, and you’re basking in the glow of the satisfaction of a difficult job well done and being ready early. How often does that happen?

You have Outlook open and are starting to review the newest emails when all of a sudden, a window pops up with bold text:

!!! IMPORTANT INFORMATION !!!

All of your files are encrypted with RSA-2048 and AES-128 ciphers.

Huh?!?! What does this mean?

It means your day has taken a turn for the worse… You have just been notified that the Locky Ransomware has just completed its work on your system by encrypting all of your files (rendering them useless) and is now demanding payment from you to get your files back. Depending on the sophistication of the Locky variant, it will ask you for anything between 1-15 Bitcoins (Bitcoins are trading for $1,205.00 at this time). This may depend on what it perceives the value of the stolen files to be. Server infections typically demand larger sums. Instructions are included on how to make payment with the guarantee that if payment is made, you will receive a key to unlock your precious files.

What can you do? Your mind is racing. How can this happen?!?! Your heart rate is increasing rapidly! Put down that coffee… take a few deep breaths. This represents anything from an irritating interruption to a disaster of epic proportions. What you have done up to this point will determine the impact of this event.

If you have good backups, this represents a minor inconvenience. If you don’t have backups at all … you will have to decide if you’re going to count your losses and move forward or consider paying the Ransom. After all, there is honor among thieves … or is there???

How can you avoid being in this situation?

There are several things that can be done before you are in this situation to “reduce your surface of vulnerability” and to recover without great loss.

    1. Backup your data.
      Good backups cure many woes. You may not use your backups for months or even years, but when the need arises, you want to be sure you can recover to a point where you can feel whole again.
    2. Purchase Advanced AntiVirus and AntiMalware and keep it up to date.
      Many of todays Advanced AntiVirus/AntiMalware programs will monitor your system for behavior that looks like ransomware at work and shut it down before it gets too far. Some will not.
    3. Do not open attachments or click on links in the email from unknown sources.
      If you need to open attachments, scan them for malware first. Many people are fooled by Human Engineered emails that “look” legitimate but have attachments or links that are masked in some clever way.
    4. Limit user access to data they need.
      Although this doesn’t help with avoidance, it will certainly help to minimize the impact if it happens. If everyone has access to everything, that means if one person becomes infected, they have the capability to cause encryption of ALL data they can see.
    5. Train your staff on proper Business Security Best Practices and to be aware and vigilant. If your data is important to your business, it needs to be handled as such.

 

 

 

There are other “Best Practices” that can be employed to safeguard your data and business. Take a proactive approach and avoid the reactive. In the long run, the reactive approach will cost much more in time, money, and grief. Give Bryley Systems a call (844.449.8770) to discuss what you can do to improve your overall security, efficiency, and cost … and enjoy that coffee!

Data Theft – What Happens When an Employee Leaves your Company?

/in , , , /by

Let’s start with the premise that company data belongs to the company, not to the employee.

When an employee leaves a company, whether voluntarily or involuntarily, it is quite common for sensitive and confidential data to disappear.

While most employees will leave their jobs voluntarily, there are always involuntary terminations such as a reduction in workforce, or, a termination based upon poor performance reviews. The problem from a security standpoint is that it is very common for these folks to take sensitive and confidential data with them, perhaps accidentally, but perhaps intentionally.

Just stop for a moment to consider all of the data that your employees have access to: various types of intellectual property, price lists, customer and key account information, financial data, sensitive HR material, marketing plans, sales data, competitive intelligence, product and manufacturing plans, databases, software programs. All of which belong to the employer.

As a business owner, you may be asking yourself why people would take data with them.

Accidental. In a world filled with so many devices, cloud storage, mobile apps, and cloud applications, a departing employee may leave with a lot of corporate data and not even remember or realize that they still have it in their possession. Since so many employees work from home, corporate data will often end up on a personal laptop, desktop, USB stick, phone, or in a shared file.

Entitlement. An employee who has worked on key client relationships or perhaps is leaving an organization that is struggling financially, won’t always feel like the data belongs to the organization. In fact, these people may think that they’re justified in taking the data with them, and that it really belongs to them. This issue is most common and kept common by the mere fact that corporate data protection policies aren’t always strictly enforced, especially in smaller organizations.

Malicious Intent. Some employees may be angry because of a layoff or other involuntary termination. Others may not have gained a promotion they felt they deserved. Some may have a personal dispute with upper management or with their supervisor. Then there are those who feel they will have a lot to gain by bringing this information to their next employer. While this may be less common, it will likely prove to be the most destructive scenario.

What are the consequences of an employee leaving with proprietary information? Whether it’s by mistake, or maliciously, the worst case scenario is that it has the potential to put an organization out of business.

The best way to protect your organization is to be proactive by establishing and enforcing a set of best practices.

  • Organizations must maintain complete, ongoing visibility into sensitive data wherever such data is stored.
  • All sensitive and confidential data should be encrypted.
  • Email should be archived.
  • Require appropriate authentication for sensitive data. Creating policies that will alert or require approval will keep data safe.
  • Limit and manage employee access by department, role, and function. Limit access only to content that is needed to get the job done. For example, an IT person does not need unlimited access to HR files, nor does a financial person necessarily need complete access to the CRM system.
  • Ensure a proper backup and recovery policy. All data should be backed up to a central or accessible location. A recovery plan should be in place should an employee maliciously change or delete data.
  • Develop a policy for the proper use of email and company-owned devices. Employees should be trained on these policies and asked to sign an acknowledgement form.
  • Train management properly so that when an employee leaves, the exit process is handled professionally to prevent both inadvertent and malicious loss of data.
  • Do not allow employees to install their own applications, mobile apps, etc. as this will open up the organization to malware and ransomware. The IT department should always handle the installation of applications.
  • Develop a policy around BYOD (Bring Your Own Device) to ensure that personal devices are properly secured.

You can protect your organization to minimize, if not eliminate, the threat of sensitive and confidential information theft. Create corporate policies focused on appropriate employee management of data. Establish processes designed to control employee use of data. Deploy technology solutions that will keep corporate data safe.

If you’re ready to protect your organization, it pays to work with a Managed IT Services/Managed Cloud Services company, like Bryley Systems, to ensure that you’re taking the right steps. Bryley will recommend solutions to eliminate weak links in your security chain, and help you develop an organization-wide policy to help prevent data loss.

Please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here to help.

The Value of an MSP Relationship

/in , , , /by

IT professionals working for an organization are seeing the value of a Managed IT Service Provider (MSP) relationship as more positive than ever before. In fact, most organizations who use MSPs typically maintain an IT staff of their own to work together with their MSP.

There are numerous advantages of having a valued MSP.

One-Time Events are Less Costly and Stressful. Upgrades or installations are often frus­trating because the organization has to go to great expense to send people to training and oftentimes, it is training they’ll only use once. MSPs who have already performed those installations or upgrades can of­ten be swapped into place to execute those tasks which in the long run, saves your organization both time and money.

You are Less Likely to be Short-Handed. Whenever an assigned MSP professional is out for any reason, they are replaced by an equally skilled colleague who has been briefed and trained on your organization’s IT environment. Substitutes can quickly fill in the way you expect them to.

Reliability and Accountability. No longer will a single individual be held responsible for any specific situation. The MSP will own the obligation to resolve any issue quickly and thoroughly. Your regular IT staff can also easily be backfilled in the event of an emergency situation which will reduce stress and the likelihood that a project may not be completed in the event of a regular staff member being ill or having an emergency.

Broader Selection of Skills. Sometimes getting certain IT tasks accomplished requires skills that none of the IT personnel assigned to the company have. In these cases, the MSP can temporar­ily replace assigned personnel with others who do have those needed skills, therefore relieving the pressure to engage a “specialist” to get unusual tasks handled.

Increased Agility. New technologies can be deployed and the value of that technology is appreciated much more rapidly because there is little to no learning curve for employees. When the MSP can fill in the gaps between standard operating procedures and emerging new needs.

Focus on Growth. Often, when compa­nies are growing quickly, they are challenged to find and acquire qualified IT employees to accommodate that growth. This often results in rushing and settling for less-than-ideal candidates. Bringing in additional MSP resources shifts that daunting task to a partner who is far better equipped and qualified to provide the right people with the right skills to keep the company growing.

Technology Decisions Become Independent of HR Issues. Suddenly your organization is free to make major revisions to their chosen platforms without regard for the need to terminate a lot of employees. Instead, you can simply require the MSP to furnish people with the new skill sets.

The supplemental role of your MSP can make many tasks easier when it comes to tactical line employees and their functions.

What happens when something goes wrong near the top of the or­ganization?

For example, what would happen if an executive suddenly left the company? Maybe it’s the CIO who suddenly resigns to go work for a competitor. Or, perhaps the CTO stole valuable customer data and was fired. Scenarios like these examples can leave a gaping hole at the top of an organiza­tion. Who would fill that gap? How quickly can a new CTO or CIO be re­cruited and hired? How long would it take for them to understand the current state of your corporate IT?

A senior engineer at your MSP who has been working with you on your infrastructure can easily and readily step in. They already have a working knowledge of your tech­nology environment, having probably participated in designing much of it. They have the proper skills and experience, along with the full support of the entire MSP team.

In several cases, MSP specialists have been called upon to take con­trol of an IT environment, change all the passwords, lock the offend­ing executive out of all systems and help to escort them out of the company. Usually this senior MSP replacement executive will remain in place until a viable replacement is found, recruited, hired, and trained.

Every employer wants to do their best for the employees that do their best to promote the organization’s growth and success. For those who have thought about bringing in an MSP to reduce IT costs, this has often been a primary concern.

Many high-value employees who were becoming bored in their daily maintenance and support routines have been given new opportuni­ties which have enabled them to make dramatically greater contribu­tions to the company, thus also furthering their own careers.

The role of the MSP in today’s progressive organization is supplemental, and complementary. No longer are MSPs considered vendors who provide ‘bodies’ to perform tasks.

Bryley Systems prides itself on being a truly valued partner to our clients, who engage us to work side-by-side with them and their people to grow their organizations.

Bryley Systems has 30 years of experience taking the worry off of our clients’ shoulders and effectively managing IT environments at a predictable cost. For more information about Bryley’s full array of Managed IT Services, please contact us at 978.562.6077 or by email at ITExperts@Bryley.com. We’re here for you. 

Sources and References:
https://www.nytimes.com
https://www.researchgate.net
https://www.bsminfo.com
http://www.toptechnews.comhttps://www.cnet.com